Various Methods to Disassemble DEX Files

This how-to documents various methods and tools in disassembling DEX files for the Android OS. An example "Hello Android" APK file developed from the Android SDK example is used to demonstrate the various tools. The various tools and methods are listed below in the subsections.

The file of importance in analyzing the various methods of disassembly is 'classes.dex'. The various tools listed below will use this file.

dedexer

A disassembler (available at http://dedexer.sourceforge.net/) to turn the DEX format into an "assembly-like format". The format uses Jasmin like syntax and various Dalvik opcodes. The command used to disassemble the classes.dex file is:

baksmali

The baksmali disassembler (available at http://code.google.com/p/smali/) disassembles the DEX file into a format loosely based on the Jasmin's/dedexer's syntax. The command used in this analysis to generate the disassembly is:

$ java -jar baksmali-1.2.4.jar classes.dex

The command outputs several files and produces the /out/com/example/helloandroid directory structure, but the main file to investigate is HelloAndroid.smali. HelloAndroid.smali displays the Jasmin syntax and partial Dalvik opcodes as:

dex2jar

An easier method for disassembling DEX files is to reproduce the Java files. The procedure for performing this task is to take the Dalvik opcodes to the Java byte codes (JAR file). The next step is to take a Java decompiler, which will produce several java files. The two tools used in the section are dex2jar (available at http://code.google.com/p/dex2jar/) and a java decompiler of choice. The steps performed to complete this transformation are:

$ ./dex2jar.bat classes.dex

Load the produced JAR file from dex2jar into the java decompiler.

The main class produced from the decompilation process using dex2jar is listed below.